This Week’s [in]Security – Issue 21
21 Aug 2017.
Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news, opinions, and research. Quickly skim these annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
PCI Compliance and Payments
- New PCI FAQ on Non-listed Encrypting Solutions Assessment https://pcissc.secure.force.com/faq/articles/FrequentlyAskedQuestion/Where-can-I-find-more-information-about-the-Assessment-Guidance-for-Non-listed-Encryption-Solutions-aka-NESA (our full index was updated at https://controlgap.com/index-pci-frequently-asked-questions/)
- More information on the upcoming Associate QSA program https://blog.pcisecuritystandards.org/associate-qsa-program-coming-soon
Breaches / Leaks
- New Amazon tool to help prevent leaks/breaches from AWS S3 misconfiguration https://www.darkreading.com/cloud/amazon-tackles-security-of-data-in-s3-storage-/d/d-id/1329628
- And ironically, another case of AWS S3 leakage - 1.8M voter records in Chicago https://www.theregister.co.uk/2017/08/17/chicagovoterleak/
- Hate website violates GoDaddy TOS, gets punted, makes fake hack claim, switches ISP and gets taken down again https://www.theregister.co.uk/2017/08/14/anondailystormer/ and https://www.washingtonpost.com/news/morning-mix/wp/2017/08/14/godaddy-bans-neo-nazi-site-daily-stormer-for-disparaging-woman-killed-at-charlottesville-rally/
- Now HBO leaks GOT episode http://thehackernews.com/2017/08/game-of-thrones-season7.html
- Previous GOT insider leakers arrested https://www.databreachtoday.com/authorities-4-insiders-leaked-game-thrones-episode-a-10204
Lawful Access / Back-doors / Laws & Regulations
- EFF on data localization regulation and cross-border privacy https://www.eff.org/deeplinks/2017/08/rising-demands-data-localization-response-weak-data-protection-mechanisms
- Supreme Court considering if police require warrant to get cellphone location data https://www.schneier.com/blog/archives/2017/08/dothepolice_n.html
Bugs
- OLE! Another MS OLE bug exploits PowerPoint http://thehackernews.com/2017/08/powerpoint-malware-ms-office.html
- Unfixable bug in automotive Controller Area Network design allows DoS with potentially lethal effects https://www.schneier.com/blog/archives/2017/08/unfixable_autom.html
- For Adobe avoiders, two zero-days in Foxit PDF reader http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html
Privacy
- Bitcoin isn't as anonymous as most people think https://freedom-to-tinker.com/2017/08/17/when-the-cookie-meets-the-blockchain/
- DOJ fishing expedition? Warrant issued for info on 1.3M visitors to Trump protest website https://epic.org/2017/08/justice-department-demands-13-.html
- Uber lands on wrong side of FTC, remedy includes ongoing 3rd party audits https://www.theregister.co.uk/2017/08/15/uberftcsettlement/
- London parking ticket app leaked PII over several years https://www.theregister.co.uk/2017/08/17/londoncouncilfinedoverleakyparkingticket_app/
Hacking / Malware / Cybercrime
- Hello front desk? There's a (fancy) bear in my bed https://www.databreachtoday.com/unwanted-hotel-guests-russias-fancy-bear-a-10190
- Decryption key to Apple's Secure Enclave Processor compromised https://threatpost.com/hacker-publishes-ios-secure-enclave-firmware-decryption-key/127524/
- NetSarang software update mechanism backdoored https://threatpost.com/attackers-backdoor-another-software-update-mechanism/127452/
- Blizzard (gaming) hit with DDoS attack https://threatpost.com/blizzard-entertainment-hit-with-weekend-ddos-attack/127440/
- US Secret Service agent who stole Bitcoins from Silk Road pleads guilty to money laundering http://thehackernews.com/2017/08/money-laundering-silkroad-agent.html
Other Security / Risk
- Fake news propaganda "doppelganger" sites https://www.theguardian.com/technology/2017/aug/18/experts-sound-alarm-over-news-websites-fake-news-twins
- Smart-lock update disables locks requiring (return to) "factory reset" http://thehackernews.com/2017/08/firmware-smart-locks.html
- GDPR and the difficulties of secure data sanitization https://www.theregister.co.uk/2017/08/14/gdprcompanieswarnedofhiddencostsofrighttobeforgotten/
- New NIST DRAFT updates Special Publication (SP) 800-53 Revision 5, Security and Privacy Controls for Federal Information Systems and Organizations http://csrc.nist.gov/publications/PubsDrafts.html#800-53r5
- Body Cameras, AI, predictive policing, and privacy http://www.ibtimes.com/political-capital/police-body-camera-company-axon-vacuuming-data-stoking-privacy-concerns-2579107
- USENIX paper looks at success of journalism collaboration system used for Panama Papers investigation https://scienmag.com/journalists-successfully-used-secure-computing-to-expose-panama-papers-researchers-say/
Off-Topic
- Asteroid near misses coming soon, Earth to get one very close shave http://www.syfy.com/syfywire/two-space-rocks-will-safely-buzz-earth-this-fall
- NASA takes nuclear powered rockets off the back burner https://www.universetoday.com/136752/nasa-reignites-program-nuclear-thermal-rockets/
- New solar glass block tech for buildings https://scienmag.com/buildings-to-generate-their-own-power-with-innovative-glass-blocks/
- Beyond clover-leaves, traffic circles, and Michigan-left-turns, Calgary gets Canada's first diverging-diamond traffic interchange http://www.cbc.ca/news/canada/calgary/diverging-diamond-interchange-opens-calgary-1.4245773